Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

Newbie questions about Rhino

17 views
Skip to first unread message

axel.g...@gmx.de

unread,
Oct 1, 2009, 11:32:58 AM10/1/09
to dev-tech-js-...@lists.mozilla.org
Hi,

I'm new to Rhino and I've got two questions where until now I haven't found a solution for:

1. Is it possible to restrict the access to Java objects or classes from a script? E.g. if I don't want to let script developers doing something like "var buf = new java.lang.StringBuffer ();". Could I configure the engine with a white or black list or do I have to implement it via an own derived class from org.mozilla.javascript.SecurityController?

2. Is it possible to access the syntax tree of a parsed script? E.g. for generating XML transforming it via XSLT to a documentation?

Many thanks in advance,
Axel

David Parks

unread,
Oct 1, 2009, 2:37:45 PM10/1/09
to dev-tech-js-...@lists.mozilla.org
1. When you create the root scope, here is what I do:
rootScope = cx.initStandardObjects(null, false);
rootScope.delete("org");
rootScope.delete("edu");
rootScope.delete("javax");
rootScope.delete("com");
rootScope.delete("net");
rootScope.delete("Packages");
rootScope.delete("java");
rootScope.delete("JavaImporter");

These are the java packages loaded by default, in particular removing "java"
disables the generic access to the java subsystem (should I call it a
supersystem?), but the rest of them allow access to all kinds of java
classes directly.
I don't promise I got all of them, I haven't validated that code snippet
from my own app yet. But I think that's the full set. If I remember
correctly you can inspect the scope using ScriptableObject.getAllIds(). Some
playing around with that should get you a full list of everything that is
accessible to the script.

2. Hmm, for this one, I want to say you can do it, but I can't find anything
useful in the API docs, but I'm not the expert.
** Maybe someone else can comment here **
But if not I can suggest you take a look at the Interpreter class, I've
previously played with it and vaguely remember seeing something that might
be useful to you. It was some time ago, so I don't remember any better
specifics, but if you take a look around that class you might find something
you can use that only requires a minor tweak.

Hi,

_______________________________________________
dev-tech-js-engine-rhino mailing list
dev-tech-js-...@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-js-engine-rhino

0 new messages